Hide Apache and PHP information

N B 9/23/2013 12:45:00 pm

Attacker will always try to find out your PHP and Apache version using simple method. Most bugs are version specific. You can hide Apache and PHP information easily
Get your Apache server information using telnet

Code:

telnet domain.com 80

When connected type HEAD / HTTP/1.0, followed by [Enter] key.

Output:

Code:

Trying 206.xxx.xxx.xxx...

Connected to your-domain-name.com.

Escape character is '^]'.

HEAD / HTTP/1.0 HTTP/1.0 200 OK

Date: Wed, 21 Aug 2013 11:30:42 GMT

Server: Apache/2.0.52 (Red Hat) Accept-Ranges: bytes Content-Length: 3985 Connection: close Content-Type: text/html; charset=UTF-8 Connection closed by foreign host.



How do I Hide Apache Version info?
Open httpd.conf file (located in /etc/httpd/ directory /etc/apache2/ )

Code:

vi httpd.conf

Change the ServerSignature line to: ServerSignature Off 
Change the ServerTokens line to: ServerTokens Prod
Restart Apache: /sbin/service httpd restart

How do I hide php info?
Open php.ini (located in /etc/php.ini or /etc/php5 or /etc/php4 directory)

Code:

vi php.ini


Change the expose_php line to: expose_php=Off

About N B
A Passionate enthusiastic ,self motivated software tester who loves and Enjoy testing Web and mobile applications,games.

My Quest in life is to dive into deep ocean of Testing.

I am ISQTB and HIPPA Certified Passionate software tester with hands on and extensive experience in testing Web Applications, Mobile Applications, Games

Tools: Selenium WebDriver, Appium, Jenkins, TestNG, JIRA, Maven, Junit, Accnetix (For Security Testing), SOAP UI (For API Testing), Jmeter (For Load Testing) , BurpSuite(For Security Testing), Test Link, Mantis

About Me

Followers

Monday, 23 September 2013

Hide Apache and PHP information

No comments:

Post a Comment

Search This Blog

Total Pageviews

Blog Archive

Social

Popular

Recent

Clustr-Maps

Contact Form